Question

Need help!! Please explain and answer all.
Analysis of Michelangelo malware in IDA Pro
Questions:

1. What type of virus is Michelangelo?
2. On an MS-DOS machine, the Michelangelo virus is loaded at address segment:offset ____.
3. When the virus begins execution at location loc_7CAF, it moves the int 13h handler segment and offset to address: ____.
4. At loc_7CAF, the virus creates a 2KB reserved space below the memory limit and sets the address in one of the segment registers. Identify the segment register used.
5. At loc_7CAF, the original int 13h is replaced by the virus body. Identify the 2-byte offset for the new int 13h handler.
6. At the end of loc_7CAF, the virus copies 446 bytes of its code using movsb. Identify the values for ds:si and es:di. Refer to instruction (c).
7. Identify the target 2-byte offset for the jump at the end of loc_7CAF.
8. The instruction at address seg000:7C10 is testing for the drive number. What drive will make the virus execute the code at address seg000:7C14? Refer to instruction (a).
9. The instruction at address seg000:7C85 calls the original int 13h handler to write data to disk. Assuming the compare instruction at seg000:7C78 sets the zero flag, identify the sector #, head #, number of sectors to copy, and the segment and address of the buffer (es:bx). Refer to instruction (a).
10. Identify the last word (2 bytes) of the partition table/signature copied at address seg000:7C95.
11. If the compare instruction at address seg000:7D07 did not set the zero flag, identify the registers for the int 13h that follows: AH, AL, CH, CL, DH, DL, ES, BX. Refer to instruction (b).
12. The int 13h at address seg000:7D2C reads data from disk. Identify the drive #, sector #, number of sectors to read, and the address of the buffer (es:bx) es:____. Refer to instruction (a).
13. What is the value of the ax register at address seg000:7D33?
14. The int 1Ah at address seg000:7D2C reads the date from the real-time clock from disk. What month and day will cause the code at loc_7D4B to execute? (Write the month in full, e.g. January, and the day as a number, e.g. 10.)
15. The int 13h at address loc_7D87 writes data to disk. Identify the drive #, sector #, number of sectors to read, and the address of the buffer (es:bx) es:____. Refer to instruction (a).
16. The int 13h at address loc_7DAA writes data to disk. Identify the drive #, sector #, track #, number of sectors to read, and the address of the buffer (es:bx) es:____. Refer to instruction (a).
17. Based on the malware payload categorization discussed in lecture 1, which of the options below best describes the action of the malware at loc_704B through loc_7D79?
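As an added example (not part of the question or of any answer on this page), the boot-sector layout the questions refer to (446 bytes of boot code, a 64-byte partition table and a 2-byte signature) parsed in Python, together with the baseline-hash check a defender would use to notice that the code area of an MBR has been overwritten while the partition table was left intact. The sample sector is constructed inline and is not a real disk image.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446        # boot code occupies offsets 0..445
PART_TABLE_OFFSET = 0x1BE   # four 16-byte partition entries follow the code
SIGNATURE_OFFSET = 0x1FE    # 2-byte boot signature, stored as bytes 55 AA

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte boot sector into boot code hash, partition table and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected a 512-byte sector")
    code = sector[:BOOT_CODE_SIZE]
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, h0, s0, c0, ptype, h1, s1, c1, lba, count = struct.unpack_from(
            "<BBBBBBBBII", sector, off)
        # CHS start: the sector byte carries the sector in its low 6 bits and
        # the two high bits of the cylinder number in its top 2 bits.
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "start_chs": (c0 | ((s0 & 0xC0) << 2), h0, s0 & 0x3F),
                        "lba_start": lba, "sectors": count})
    # Read as a little-endian word, bytes 55 AA give the value 0xAA55.
    signature = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)[0]
    return {"code_sha256": hashlib.sha256(code).hexdigest(),
            "partitions": entries, "signature": signature}

def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """Defender check: compare only the 446-byte code area against a known-good
    hash, because a boot-sector infector replaces that area and keeps the table."""
    return parse_mbr(sector)["code_sha256"] != baseline_sha256

def build_sample_mbr(code: bytes) -> bytes:
    """Constructed sample (not a real disk image): given boot code, one bootable
    FAT16 partition starting at CHS (0,1,1) / LBA 63, three empty entries, 55 AA."""
    code = code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x06, 15, 63, 255, 63, 0x1F000)
    return code + entry + b"\x00" * 48 + b"\x55\xAA"

# Constructed clean sector and its baseline hash, then a sector whose code area
# was replaced by placeholder bytes, the way an infector would overwrite it.
CLEAN_MBR = build_sample_mbr(b"\xEB\x3C\x90MSDOS5.0")
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["code_sha256"]
INFECTED_MBR = build_sample_mbr(b"\xCC" * 32)

if __name__ == "__main__":
    print(hex(parse_mbr(CLEAN_MBR)["signature"]))          # 0xaa55
    print(boot_code_changed(INFECTED_MBR, BASELINE_SHA256))  # True
```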
